Community Health Systems Information Systems Hacked

UPDATE: Ms. Kiker, FRH Marketing and Public Relations Director sent FYN an e-mail stating the following:

“

CHS will be sending out letters to all patients affected by the data breach. In addition, an 800 number is being set up for people to call in which will be operational tomorrow, Wednesday, August 20. The 800 number is 855-205-6951. CHS is offering free Identify Theft protection as well.”

UDATE: Fannin Regional Hospital (FRH) Representative Responds

FRH Marketing and Public Relations Director, Susan Kiker, sent FYN a press release at 10:51 today (Tuesday) confirming that patients registering at both FRH and the Appalachian Physican’s Group may be victims of the security breech.

Ms. Kiker said that patients can call a toll-free number in order to receive assistance in protecting their private information.

The number is 855-205-6951. It will be activated tomorrow (Wednesday, August 20).

A CHS press release stated:

“Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection.”

Another release informs the public that the federal government is culpable in the breech incident:

” It is up to the Federal Government to create a national cyber defense that can prevent this type of criminal invasion from happening in the future.”

An e-mail sent to Community Health Systems requesting the date that the company knew of a possible breech has not been returned as of publishing time (12:11 pm)

Community Health Systems, located in Franklin, Tennessee (of which Fannin Regional Hospital is part) experienced an information security breech in which patient information such as names, addresses, social security numbers, dates of birth may have been stolen.

FYN has attempted to reach officials both at the Fannin Facility and the corporate headquarters on Tuesday morning but, as of ‘press time’ those e-mails and phone calls had not been returned.

Hence, it is unclear as to whether or not Fannin Regional patients have been affected.

An article posted yesterday (Monday, August 18th) from the Reuters News Service reported that the hospital system mentioned the hacking incident within a regulatory filing on Monday.

According to Reuters, approximately 4.5 million patients may have been victimized by the hacking incident within the hospital’s 206 hospitals.
An expert at Mandiant (the cyber security software company CHS hired to address the breech) told Reuters that “APT 18”,a China-based hacking group is thought to be responsible for the incident.

Most often, Chinese hacking groups seek product design as well as business or political information. Recently, information security experts have cited incidences of expanded searches for personal financial information.